What's New in vCenter Orchestrator 5.5.1

With this release vCenter Orchestrator introduces a more flexible content delivery mechanism thanks to increased workflow development efficiency, the Dynamic Types concept and out of the box version control system support.

Workflow tagging
As part of the automation process you are now able to assign key-value tags to an existing workflows. Tags let you attach metadata to existing workflows and make them more searchable and easy to use. Tags let you quickly identify resources based on a logical relation. Later on, you can reference them in a specific automatic remediation case or call a particular workflow based on a tag criteria.

Plug-ins improvements
Plug-in development is easier than ever thanks to significant improvements in the vCenter Orchestrator Plug-In SDK. The new Plug-In SDK is distributed as part of the Orchestrator Appliance and exposes a mvn-based context for building the plug-in hierarchy and storing the plug-in dependency. In addition to this, with this release Orchestrator introduces a new plug-in development API exposing easy to use SSL trusted store support and cluster-wide persistence and propagation of plug-in configuration changes.
The following plug-ins are now being shipped as part of the vCO 5.5.1 platform - HTTP-REST, SOAP, Active Directory, SNMP, and AMQP.

Version control system support
The vCenter Orchestrator client provides the ability to export existing packages directly into a folder. Once the workflow packages are exported, they can be easily integrated with a version control system and the content can be easily collaborated among the team.

Dynamic Types (Beta)
Workflow developers are now able to explore the new Dynamic Types which currently is being shipped with Beta quality. They can easily extend vCenter Orchestrator plug-ins by adding their custom types accessible from the scripting API. New types become available in the inventory right after creation and they could be directly leveraged from the vCAC ASD context as part of the cloud provisioning process and XaaS definition.

vCenter Orchestrator 5.5.1 Feature and Support Notice

The use of OGNL expressions in workflow presentations is supported.

The features listed below are deprecated in vCenter Orchestrator 5.5.1 and scheduled for removal in future releases. None of the deprecated features should be used as part of any vCenter Orchestrator based solution.

vCenter Orchestrator 32-bit client The vCenter Orchestrator 32-bit client is currently available but will be removed in the next update release of Orchestrator 5.5.

vCenter Orchestrator Web Views
This feature is currently deprecated and will be removed after the next major release of vCenter Orchestrator.

vCenter Orchestrator Simple Object Access Protocol (SOAP) service API
This feature is currently deprecated and is scheduled for removal after the next major release of vCenter Orchestrator. vCenter Orchestrator developers should use the representational state transfer (REST) API in order to access vCenter Orchestrator workflows through the Web.

vCenter Orchestrator Configuration Interface
This feature is currently deprecated and planned to be removed in the second major release of vCenter Orchestrator. Recommended vCenter Orchestrator configuration should happen through vCenter Orchestrator configuration workflows and vCenter Orchestrator configuration API.

Installing VMware vCenter Orchestrator 5.5.1

You can download the vCenter Server 5.5.1 installer and install Orchestrator together with vCenter Server or standalone.

To upgrade an installation of Orchestrator 4.2.x and later on a 64-bit Microsoft Windows server that is different from the server on which vCenter Server runs, run the latest version of the Orchestrator standalone installer.

If vCenter Orchestrator 4.0.x is installed on the same 64-bit machine as vCenter Server 4.0.x, you cannot upgrade to Orchestrator 5.5.1 by upgrading to vCenter Server 5.5 Update 1. VMware does not support the in-place upgrade of a standalone Orchestrator instance running on a 64-bit machine. To upgrade to vCenter Orchestrator 5.5.1, you must export the Orchestrator configuration settings, uninstall the existing Orchestrator instance, run the 64-bit Orchestrator installer, and import the configuration settings.

Important: Orchestrator 5.5.1 does not support Single Sign-On 1.0 when using vCenter Server 5.1. If you are upgrading Orchestrator 5.1.x that is registered with Single Sign-On to Orchestrator 5.5.1, you must register the instance with Single Sign-On 2.0 after the upgrade.

If you have developed workflows, actions, plug-ins, policies, and so on, by using a previous version of Orchestrator, perform the following steps:

Export packages of all the custom workflows, actions, policies, and so on, that you developed with the earlier version of Orchestrator.

VMware vCenter Orchestrator is available as a preconfigured virtual appliance. The appliance significantly reduces the time and skills required to deploy vCenter Orchestrator and provides a low-cost alternative to the traditional Windows-based installation. You can download the vCenter Orchestrator Appliance 5.5.1 from the Orchestrator Appliance download link .

The Orchestrator Appliance offers great flexibility and uncompromised performance, making it ideal for any use case from lab evaluation to large-scale production use. The appliance offers all of the components included in the regular Windows-based installation, along with the flexibility to use either the pre-built directory services and database, or external ones like Active Directory or Oracle. What's more, the Orchestrator appliance has been certified to run at the same performance level as the Windows-based installation.

The Orchestrator Appliance makes it even faster, easier, and more affordable to integrate the VMware cloud stack, including vCenter Server and vCloud Director, with your IT processes and environment.

Important: You can perform an in-place upgrade to version 5.5.1 only of Orchestrator Appliance 5.5. To upgrade Orchestrator Appliance 5.1.x and earlier to Orchestrator 5.5.1, you must download and deploy the latest version of the appliance, and migrate the data from a previous appliance version. For instructions about upgrading the Orchestrator Appliance, see Installing and Configuring VMware vCenter Orchestrator.

Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log into the Orchestrator Appliance as root, and run:

passwd -x number_of_daysname_of_account

To make your Orchestrator Appliance root password last forever, run:

passwd -x 99999 root

Plug-Ins Installed with vCenter Orchestrator 5.5.1

The following plug-ins are installed by default with vCenter Orchestrator 5.5.1:

vCenter Orchestrator SOAP Plug-In 1.0.3

vCenter Orchestrator HTTP-REST Plug-In 1.0.3

vCenter Orchestrator Plug-In for Microsoft Active Directory 1.0.4

vCenter Orchestrator AMQP Plug-In 1.0.3

vCenter Orchestrator SNMP Plug-In 1.0.2

Dynamic Types 1.0.0 (beta)

Internationalization Support

vCenter Orchestrator 5.5.1 supports internationalization level 1. Although Orchestrator is not localized, it can run on non-English operating systems and handle non-English text.

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

Support Requests (SRs)

Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

Prior Releases of vCenter Orchestrator

Features and issues from earlier releases of vCenter Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vCenter Orchestrator, click one of the following links:

[NEW]Trying to log in to the Orchestrator client during upgrade results in an error
If you try to log in to the Orchestrator client during upgrade, you receive an Invalid username/password error message.

Workaround: To be able to log in to the Orchestrator client:

Log in to the vSphere Web Client as a user with administrative privileges for Single Sign-On.

Navigate to Administration > Single Sign-On > Users and Groups and select the Groups tab.

Create the ActAsUsers group if it does not exist.

Add the Orchestrator application user that is a member of the vsphere.local domain and has user name vCO-<hash_code>, as a member of the ActAsUsers group.

If you upgrade vCenter Orchestrator 5.1.x or 5.5 with an Oracle database to Orchestrator 5.5.1 , the database schema might not be updated
When configuring the database through the Orchestrator web configuration interface, the following error is reported:
Mismatch database version (found version '1.60', was expecting version '1.63'). In the Orchestrator log, you can see the following message: ORA-01450: maximum key length (6398) exceeded.

Workaround:
To prevent the error related to the Oracle database when upgrading to vCenter Orchestrator 5.5.1:

Stop the Orchestrator Server service and the Orchestrator Configuration service.

Upgrade the vCenter Orchestrator to version 5.5.1.

Run the following script against Oracle database:UPDATE VMO_ConfigItem set itemValue = '1.61' where id = 'item_db_version'

Start the Orchestrator Configuration service and log in to Orchestrator configuration interface.

Navigate to Database configuration and click Update link.

After upgrading to vCenter Orchestrator 5.5.1 as part of vCenter Server which is configured with an Oracle database, you might not be able to log in
If you upgrade a vCenter Orchestrator instance which is installed as part of vCenter Server and uses a vDB database connection to the Oracle database of the vCenter Server, you might not be able to log in to the Orchestrator after the upgrade, although the Orchestrator server starts successfully. The following error is reported in the Orchestrator log: Could not establish a connection to the database. Retrying in 30s.

Workaround:

Stop the Orchestrator Server service.

Start the Orchestrator Configuration service and log in to Orchestrator configuration interface.

Navigate to Database configuration and change the database connection type from vDB to Oracle.

Fill in the properties of the connection to the vCenter Server database.

Upgrade the vCenter Orchestrator to version 5.5.1.

When you upgrade vCenter Orchestrator from version 5.1.2 to version 5.5.1, the Orchestrator database configuration is not updated
When you upgrade vCenter Orchestrator 5.1.2 standalone or as part of the vCenter Server 5.1.2 to version 5.5.1, the Orchestrator database configuration is not updated.

Workaround:

Stop the Orchestrator Server service and the Orchestrator Configuration service.

Upgrade the vCenter Orchestrator.

Depending on the Orchestrator database server type, run one of the following scripts against the Orchestrator database:

Start the Orchestrator Configuration service and log in to Orchestrator configuration interface.

Navigate to Database configuration and click Update link.

Restarting Orchestrator server service after reinstalling plug-ins adds Java exceptions to the logs
In the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by clicking Reset current version and then restart the Orchestrator server, several Java exceptions are written to the Orchestrator server logs.

Orchestrator registry keys remain after you uninstall Orchestrator by using Windows Control Panel
If you uninstall Orchestrator using the Windows Control Panel, some Orchestrator registry entries are not removed.

Workaround: To remove the Orchestrator entries manually:

Click Start > Run.

Type regedit and press Enter.

In the Registry Editor, click File > Export to back up the current registry settings.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\VMware.

Right-click the Orchestrator entries and select Delete.

After upgrading Orchestrator as part of vCenter Server to 5.5, you might not be able to start the Orchestrator server.
If the Orchestrator Administrators group and the Administrators group of the vCenter Server local machine are identical, and the local machine name has been changed after the latest vCenter Server installation, the Orchestrator server might not start successfully after the upgrade to Orchestrator 5.5.
Workaround: Before starting the Orchestrator server after the upgrade to 5.5, configure the authentication settings and upgrade the database from the Orchestrator configuration interface.

If you upgrade Orchestrator as part of vCenter Server to 5.5 and start the Orchestrator server right after the upgrade, you might experience performance issues with tasks, policies, and other Orchestrator components.
During the upgrade to Orchestrator 5.5 an error with the Single Sign-On configuration occurs, which prevents Orchestrator from upgrading the database. For information about the error, see the log file vSphere_installation_directory\Infrastructure\Orchestrator\app-server\logs\post_installer_action_errors.log.
Workaround: Before starting the Orchestrator server after the upgrade to 5.5, upgrade the database from the Orchestrator configuration interface.

After upgrading to Orchestrator 5.5, scheduled tasks might not run.
After upgrading to Orchestrator 5.5 and starting the Orchestrator server, scheduled tasks might not run because Orchestrator cannot retrieve tokens from Single Sign-On for the users who scheduled the tasks.

Workaround: Edit the tasks and re-enter the user credentials.

After upgrading to Orchestrator 5.5 and if Single Sign-On authentication is used, running workflows might not complete successfully.
After upgrading to Orchestrator 5.5 and starting the Orchestrator server, workflows that were in running state or waiting on user interactions before the upgrade might not complete successfully if Single Sign-On authentication is used.

Workaround: Restart the workflows.

Internationalization Issues

You might not be able to configure the LDAP settings if your LDAP password contains non-ASCII characters
When you try to configure the LDAP settings in the Orchestrator configuration interface and the LDAP password that you enter contains non-ASCII characters, the process of configuring might fail with an error message of the type Unable to connect to LDAP Server. This issue appears under the following conditions:

When the LDAP password contains characters such as  and ÿ in German and French locales.

When the LDAP password contains any native characters in Japanese, Korean, and Simplified Chinese locales.

Problems handling non-ASCII characters in certain contexts
Using non-ASCII characters in input parameters results in incorrect behavior in the following contexts:

If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is garbled.

If you try to insert non-ASCII characters into attribute names, the characters do not appear. The issue occurs for Web view attributes, workflow attributes and action attributes.

Configuration Issues

After you modify the Single Sign-On settings by running a workflow from the Configuration plug-in, you must immediately restart the Orchestrator server
You must always restart the Orchestrator server right after running a workflow for configuring the Single Sign-On settings, otherwise the Orchestrator server might become unavailable. The new Single Sign-On settings will be applied after the server restart. For this reason, if you are performing an automatic configuration of Orchestrator server through workflows, make sure that the Single Sign-On configuration is the last step of the process and is performed right before the Orchestrator server restart.

The Orchestrator authentication configuration might become invalid
When Orchestrator is configured to use vCenter Single Sign-On, if the certificate of the vCenter Single Sign-On server changes or regenerates, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.

Workaround: To fix this issue, import the new vCenter Single Sign-On certificate:

Log in to the Orchestrator configuration interface as vmware.

Click Network.

In the right pane, click the SSL Trust Manager tab.

Load the vCenter Single Sign-On SSL certificate from a URL or a file.

Click Import.

Click Startup Options.

Click Restart the Orchestrator configuration server to restart the Orchestrator Configuration service after adding the new SSL certificate.

Orchestrator does not work with forest and external trusts in Active Directory

Multiple domains that are not in the same tree but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.

Support for TNSNames missing when you connect to an Oracle database
You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

SSL certificate is lost when you import configuration from previous installation
If you import the configuration of a previous installation into the current installation, the SSL certificate from the old installation is not loaded. In the Orchestrator configuration interface the Server Certificate tab shows a red triangle.

Workaround: You must import the certificate manually.

Restricted access to vCenter Server inventory can cause errors if you set Session per user
If you select the Session per user option in the vCenter Server tab of the configuration interface, accessing the vCenter Server inventory can result in some errors if the connected user has restricted access to inventory objects.

No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already in use
The Network configuration is saved successfully without errors even when the port numbers that you enter are already taken on your host.

Workaround: Make sure the port numbers you enter on the Network tab are free.

Networking Issues

Loss of network connection to vCenter Server can cause workflows to stop
If Orchestrator loses the network connection to vCenter Server while a workflow is running, and if the workflow attempts to access vCenter Server, that workflow stops and does not attempt to restart. Furthermore, the vCenter Server plug-in flushes its cache if it loses the connection to vCenter Server. Consequently, when the Orchestrator server restarts, it fetches all running objects again from the vCenter Server rather than reloading them from the cache. Fetching the objects again can cause peaks in CPU usage, and increases the load on vCenter Server. An intermittent connection to vCenter Server causes frequent workflow failures. If the network connection to vCenter Server is intermittent, then constantly fetching the objects can consume vCenter Server memory, leading to drops in performance.

Workaround: Ensure that the network connection to vCenter Server is stable.

Client Issues

You might not be able to start the Orchestrator client from the Orchestrator Appliance home page on Windows XPYou might not be able to start the Orchestrator client from the appliance home page by using the Java Web Start on Windows XP. The error message that you receive states that there is an unsigned .jar file found in the application. This is an issue of the Java Web Start software.

Workaround: Enable caching of temporary files in the Java Web Start configuration. To do this:

Set the amount of disk space for storing temporary files to maximum, and click OK.

Under Temporary Internet files, click View.

In the Java Cache Viewer, select Applications.

Select all items and remove them by clicking the Remove selected items button in the toolbar.

Click Close.

Click OK to close the Java Control Panel window.

Click Start Orchestrator Client on the appliance home page to try to start the Orchestrator client by using the Java Web Start.

Usage of the Orchestrator client through Java WebStart if the Orchestrator Appliance is behind Network Address Translation (NAT) is not supported

Importing a package using the Orchestrator client fails occasionally
Occasionally, when your database is a MySQL database, importing a package using the Orchestrator client results in the error Unable to import a certificate, reason : Unable to save keystore.

Workaround: Close the error message and attempt the import again.

The Revert option for the parameters table on the Scripting tab of the Edit Actions view does not revert to the last saved state
When you add a parameter to an action script, you cannot remove it using the Revert option.

Workaround: Right-click the parameter and click Delete Selected.

Characters are accepted as the input value for workflow attributes of number type
Format validation has been disabled on workflow attributes that are of the number type. Invalid input values are accepted without any warning, and workflows are saved successfully, which can lead to unpredictable results.

Changes to input parameter descriptions are not propagated to the presentation
If you change the description of an input parameter for a workflow, the change is not propagated to the description in the presentation.

Workaround: Copy the description to the presentation manually.

Documentation Issues

[NEW]There is missing information about ports 8286 and 8287 in the Installing and Configuring vCenter Orchestrator publication
The VMware vCenter Orchestrator Default Configuration Ports table in Installing and Configuring vCenter Orchestrator, Orchestrator Network Ports does not mention that Orchestrator requires ports 8286 and 8287. The following information is missing in the table:

A generated URL might lead to an error of the type: Page not found
When you run a workflow that sends an email with a URL requiring a user interaction, after you click the URL, it opens the weboperator Web view page with an error of the type: Page not found. This issue occurs when Orchestrator is configured to use 0.0.0.0 as an IP address.

Workaround: Configure Orchestrator to use another IP address:

Log in to the Orchestrator configuration interface as vmware.

On the Network tab configure the Orchestrator IP address.

Click Apply changes.

Orchestrator does not support slashes in workflow namesIf you have a workflow with a slash in its name, when you run the workflow, the workflow token might never change to completed, although the workflow itself has completed running.

Workaround: Remove the slash from the name of the workflow.

Web views does not support multiple level of presentation field bindingWeb views does not support multiple levels of presentation field binding. For example, suppose the presentation consists of the following fields and bindings:

sourceField

aField bound to sourceField by using a DefaultValue attribute

bField bound to aField by using a DefaultValue attribute

When you change the value of sourceField, the value of aField is also updated, but the value of bField remains the same.

You cannot collect Orchestrator log bundle together with the vCenter Server log bundle
When Orchestrator and vCenter Server are installed on the same machine, and you collect the vCenter Server log bundle, the Orchestrator log files are not included in the bundle ZIP file. You can collect the Orchestrator log files only from the Orchestrator configuration interface. To gather log files from Orchestrator:

Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.

Log in with your username and password.

Click Logs.

Click Generate log report.

Save the generated ZIP file.

The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks
On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

Workaround: Do not include virtual machines with snapshots in the workflow.

Windows Server 2008 automatically renames VMOAPP and DAR files to ZIP causing the application installation and plug-in upload in the Orchestrator configuration interface to fail
If you are running Orchestrator on Windows Server 2008, the extension of the archives you download is automatically changed to ZIP. When you are installing an application or uploading a plug-in by using the Orchestrator configuration interface, you must use a VMOAPP or DAR file.

Workaround: Change the ZIP extension back to either VMOAPP or DAR to use the downloaded archive in the Orchestrator configuration interface.

Repeatedly publishing and unpublishing Web views can cause memory issues
Publishing and unpublishing of Web views restarts the Tapestry framework, which regenerates new meta-class information without cleaning up the previous meta-class information. Publishing and unpublishing a Web view by repeatedly calling the methods Webview.enable() and Webview.disable() in a loop in scripts can consume large quantities of memory and eventually leads to performance issues.

Adding values to vCenter Server data object properties of type Array is impossible
When Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a consequence, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a pre-filled array. However, after you have instantiated the object, you cannot add values to the array.

In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

Workflow input parameters of type SecureString cannot take a null value
You cannot start a workflow with a null value if that workflow takes a SecureString as an input parameter, unless you start the workflow from within another workflow. If you start a workflow with a null value when that workflow takes a SecureString as an input parameter, the server loads attributes from the cache rather than from the Orchestrator database, resulting in a null input parameter. If you then change the workflow state to passive by implementing a long-running workflow element, the attributes are reloaded from the database, converting the null value into an empty string. This is the only way you can use a null value to start a workflow that requires a SecureString input parameter.